Mandiant: 1 in 7 Ransomware Extortion Attacks Exposes OT Data

Analysis of "shaming site" data dumps found sensitive documentation from OT organizations, including oil and gas.

Dark Reading Staff, Dark Reading

January 31, 2022

1 Min Read

Ransomware gangs often up their game by extorting their victims on so-called shaming sites, where they dump the stolen information to pressure the victims to pony up and pay ransom. According to a new analysis of these attacks by incident response provider Mandiant, one in seven of those extortion incidents exposes sensitive operational technology (OT) information stolen from industrial victims in the attacks.

Mandiant says more than 1,300 OT organizations in critical infrastructure and industrial production were hit by these so-called "multifaceted extortion" attacks in 2021. In a sampling of those victim cases, Mandiant said stolen OT data included detailed network and process documentation from two oil and gas organizations; admin credentials for an OEM to a manufacturer of trains, as well as backups for Siemens TIA Portal PLC project files; and product diagrams and source code for a platform that tracks automobile fleets via GPS for a satellite vehicle-tracking service provider, among other sensitive documents.

"Access to this type of data can enable threat actors to learn about an industrial environment, identify paths of least resistance, and engineer cyber physical attacks. On top of this, other data also included in the leaks about employees, processes, projects, etc. can provide an actor with a very accurate picture of the target’s culture, plans, and operations," Mandiant said in its report.

The Mandiant report is available online.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights